Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Block ads and trackers using the hosts(5) file on OS X
#!/bin/bash
# Block ads and trackers using the HOSTS(5) file on OSX
#
# The script also has some pfsense fu, for more details on this script visit
# http://shinnok.com/rants/2015/04/05/blocking-ads-and-trackers-using-hosts/
#
# Dependencies:
# * git
# * curl
# * links - the www text browser
PFSENSE=false
if [ "$1" == "--firewall" ] || [ "$1" == "-f" ]; then
PFSENSE=true
fi
if [ $(whoami) != "root" ]
then
echo "I'm not root. Please sudo."
exit 1
fi
cd /etc/
git status >/dev/null 2>&1
if [ "$?" != "0" ]
then
echo "No git repository found in /etc/. Initializing one is seriously encouraged if you want to use this script."
exit 1
fi
if [ ! -d "./hosts.d" ]
then
echo "Initializing hosts.d..."
mkdir ./hosts.d || exit 1
cp ./hosts ./hosts.d/hosts.1.head || exit 1
touch ./hosts.d/hosts.2.custom || exit 1
echo "You can custom host lookup rules in /etc/hosts.d/hosts.2.custom."
fi
echo "Updating..."
type links >/dev/null 2>&1 || { echo >&2 "I need the links tool to parse html pages. Aborting."; exit 1; }
links -dump https://hosts.neocities.org/ | sed 's/^ *//' > /etc/hosts.d/hosts.3.adblock
cat /etc/hosts.d/* > /etc/hosts
if [ "$PFSENSE" == "true" ]
then
grep emerging-threats ./pf.conf > /dev/null
if [ "$?" != "0" ]
then
echo "Adding pf anchors..."
cat >> pf.conf <<END
anchor "ip-block"
load anchor "ip-block" from "/etc/pf.anchors/ip-block"
anchor "emerging-threats"
load anchor "emerging-threats" from "/etc/pf.anchors/emerging-threats"
END
cat > pf.anchors/ip-block <<END
table <ip_block> persist file "/etc/pf.rules/ip-block.pf"
block log quick from <ip_block> to any
block log quick from any to <ip_block>
END
touch ./pf.rules/ip-block.pf || exit 1
echo "You can block individual ip addresses or ranges in /etc/pf.rules/ip-block.pf."
fi
curl http://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules -o /etc/pf.anchors/emerging-threats 2>/dev/null
fi
git diff --exit-code ./hosts ./pf.anchors
if [ "$?" == "0" ]
then
echo "No updates."
exit
fi
echo "Commit changes(y/n)?"
read response
if [ "$response" == "y" ]
then
git commit ./hosts ./hosts.d/ ./pf.anchors/ -m "Update hosts and pfsense block lists."
discoveryutil mdnsflushcache
discoveryutil udnsflushcaches
if [ "$PFSENSE" == "true" ]; then
pfctl -f /etc/pf.conf
fi
else
echo "Please investigate. Revert /etc/hosts if suspicious. Rules not pointing at 0.0.0.0 in /etc/hosts:"
grep -v -e ^0.0.0.0 -e ^# /etc/hosts
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment